Fail-safe apparatus and fail-safe method for electronic control system

1. A fail-safe apparatus of an electronic control system comprising: a fault diagnosis device for performing a fault diagnosis of a diagnosis object and setting a fault diagnosis flag denoting whether a fault exists or not; a first request flag operation device for operating a first fail-safe request flag denoting whether to request execution of fail-safe process or not, according to a logic operation based on said fault diagnosis flag; a second request flag operation device for operating a second fail-safe request flag according to the logic operation based on said fault diagnosis flag, which performs an operation of a fail-safe request flag according to the logic reverse to the logic for the logic operation performed by said first request flag operation device; and a fail-safe control device for outputting a fail-safe control signal to a control object when at least one of said first and second fail-safe request flags denotes a request for executing fail-safe process.

2. The fail-safe apparatus of an electronic control system according to claim 1, wherein: the request for executing fail-safe process is denoted when said first fail-safe request flag is set to 1; and the request for executing fail-safe process is denoted when said second fail-safe request flag is set to 0.

3. The fail-safe apparatus of an electronic control system according to claim 1, wherein: the logic operations of said first and second request flag operation devices include a logic operation operating said first and second fail-safe request flags to a value denoting the request for executing fail-safe process, when at least one of the two fail-safe request flags, one flag being operated based on said fault diagnosis flag and the other flag being operated based on said fault diagnosis of the control object, denotes the request for executing fail-safe process.

4. The fail-safe apparatus of an electronic control system according to claim 1, wherein: the logic operations of said first and second request flag operation devices include a logic operation cancelling the request for executing said fail-safe process according to said first and second fail-safe request flags, when clear conditions are fulfilled.

5. The fail-safe apparatus of an electronic control system according to claim 4, further comprising: a first clear condition operation device for performing a logic operation of a clear condition flag denoting whether said clear conditions are fulfilled, and outputting the result to said first request flag operation device; and a second clear condition operation device for performing a logic operation of said clear condition flag and outputting the result to said second request flag operation device, which performs the logic operation of said clear condition flag according to the logic reverse to the logic for the logic operation performed by said first clear condition operation device.

6. The fail-safe apparatus of an electronic control system according to claim 1, wherein: the logic operations of said first and second request flag operation devices include a logic operation operating said first and second fail-safe request flags to a value denoting the request for executing fail-safe process, when at least one of the two fail-safe request flags, one flag being operated based on said fault diagnosis flag and the other flag being operated based on said fault diagnosis flag, denotes the request for executing fail-safe process.

7. The fail-safe apparatus of an electronic control system according to claim 1, wherein: said fault diagnosis device diagnoses a read/write error of a RAM as said diagnosis object.

8. The fail-safe apparatus of an electronic control system according to claim 7, wherein: said RAM as said diagnosis object is a RAM utilized for controlling a motor in an engine having a throttle valve being driven to open/close by said motor.

9. The fail-safe apparatus of an electronic control system according to claim 8, wherein: said fail-safe control device makes a relay of said motor to be said control object, and outputs a fail-safe control signal for turning the relay off forcibly when at least one of said first and second fail-safe request flags denotes a request for executing fail-safe process.

10. A fail-safe apparatus of an electronic control system comprising: a fault diagnosis means for performing a fault diagnosis of a diagnosis object and setting a fault diagnosis flag denoting whether a fault exists or not; a first request flag operation means for operating a first fail-safe request flag denoting whether to request execution of a fail-safe process or not, according to a logic operation based on said fault diagnosis flag; a second request flag operation means for operating a second fail-safe request flag according to a logic operation based on said fault diagnosis flag, which performs an operation of a fail-safe request flag according to the logic reverse to the logic for the logic operation performed by said first request flag operation device; and a fail-safe control means for outputting a fail-safe control signal to a control object when at least one of said first and second fail-safe request flags denotes a request for executing said fail-safe process.

11. A fail-safe method of an electronic control system comprising the steps of: performing a fault diagnosis of a diagnosis object; operating a first fail-safe request flag that denotes a request for executing fail-safe process when the flag is set to 1, based on the result of said fault diagnosis; operating a second fail-safe request flag that denotes a request for executing fail-safe process when the flag is set to 0, based on the result of said fault diagnosis; and executing said fail-safe process when at least one of said first and second fail-safe request flags denotes a request for executing the fail-safe process.

12. A fail-safe method of an electronic control system comprising the steps of: operating a fault diagnosis flag denoting whether a fault exists in a diagnosis object; operating a first fail-safe request flag denoting whether to request execution of fail-safe process or not, according to a logic operation based on said fault diagnosis flag; operating a second fail-safe request flag based on said fault diagnosis flag, according to the logic reverse to the logic for the operation of said first fail-safe request flag; and outputting a fail-safe control signal to a control object when at least one of the first and second fail-safe request flags denotes a request for executing fail-safe process.

13. A fail-safe apparatus of an electronic control system comprising: a diagnosis circuit for performing a fault diagnosis of a diagnosis object and operating diagnosis flags #FLGRTM and #FLGRTS, which denote that a fault has occurred when set to 1; a first OR circuit for outputting a fail-safe request flag #ETCOFF according to an OR operation based on said diagnosis flags #FLGRTM and #FLGRTS; a first NOR circuit for outputting a fail-safe request flag #ETCOFF_S according to a NOT-OR operation based on said diagnosis flags #FLGRTM and #FLGRTS; a second NOR circuit for outputting a fail-safe request flag #RLYON according to a NOT-OR operation of said fail-safe request flag #ETCOFF and a fail-safe request flag #RLYOFFRQ, which is operated based on a fault diagnosis of a control object and which denotes a fail-safe request when set to 1; a first NAND circuit for outputting a fail-safe request flag #RLYON_S according to a NOT-AND operation of said fail-safe request flag #ETCOFF_S and a fail-safe request flag #RLYON_SQ, which is operated based on said fault-diagnosis of the control object and which denotes a fail-safe request when set to 0; and a first AND circuit for outputting a fail-safe control signal to said control object according to an AND operation of said fail-safe request flag #RLYON and an inverted value of said fail-safe request flag #RLYON_S.

14. The fail-safe apparatus of an electronic control system according to claim 13, further comprising: a second AND circuit for outputting to said second NOR circuit, instead of said fail-safe request flag #ETCOFF, an operation result obtained by performing an AND operation of said fail-safe request flag #ETCOFF and an inverted value of a clear condition flag (1), which is set to 1 when conditions for clearing said fail-safe request are fulfilled; and a second OR circuit for outputting to said first NAND circuit, instead of said fail-safe request flag #ETCOFF_S, an operation result obtained by performing an OR operation of said fail-safe request flag #ETCOFF_S and a clear condition flag (2), which is set to 1 when conditions for clearing said fail-safe request are fulfilled.

15. The fail-safe apparatus of an electronic control system according to claim 14, further comprising: a third AND circuit for performing an AND operation of various clear condition flags which are set to 1 when said clear conditions are fulfilled; a fourth AND circuit for performing an AND operation of an output from said third AND circuit and an experience flag #ETCFJUD denoting that a predetermined fail-safe state has been experienced when set to 1, and outputting the result of said operation as said clear condition flag (1); a second NAND circuit for performing a NOT-AND operation of various clear condition flags which are set to 1 when said clear conditions are fulfilled; and a third NOR circuit for performing a NOT-OR operation of an output from said second NAND circuit and an experience flag #ETCFJUD_S denoting that a predetermined fail-safe state has been experienced when set to 0, and outputting the result of said operation as said clear condition flag (2).